S3 Bucket Allows Authenticated READ Access

Data at risk

S3 Bucket Allows Authenticated READ Access

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

Ensure that your S3 buckets content cannot be listed by AWS authenticated accounts or IAM users in order to protect your S3 data against unauthorized access. An S3 bucket that allows READ (list) access to authenticated users will provide AWS accounts or IAM users the ability to list the objects within the bucket and use the information acquired to find objects with misconfigured ACL permissions and exploit them

S3 Bucket Allows Authenticated READ Access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS